No more robocalls: New tech automatically hangs up on robots

US gov't names winners of contest to build the best robocall-blocking system.

Every month, the Federal Trade Commission receives 200,000 complaints about illegal robocalls, making it the most common problem reported to the FTC. Although the FTC has shut down some of the companies responsible for the billions of robocalls made in the US, it lacks a technological solution that would stop robocallers from dialing in the first place.

That's why the FTC last October offered a $50,000 prize to whoever could come up with the best technology for stopping robocalls. Today, the FTC announced three winners who devised robocall blocking systems that might help end the scourge forever. Two of the winning proposals detect illegal robocallers and disconnect the call before it can get through to consumers. The third would build a database of bad numbers by having consumers report robocalls.

The $50,000 prize will be split by two co-winners who separately built systems that "focus on intercepting and filtering out illegal prerecorded calls using technology to 'blacklist' robocaller phone numbers and 'whitelist' numbers associated with acceptable incoming calls," the FTC said. "Both proposals also would filter out unapproved robocallers using a CAPTCHA-style test to prevent illegal calls from ringing through to a user."

The FTC additionally honored two Google employees named Daniel Klein and Dean Jackson for devising a crowd-sourced robocall identification and blocking system. They won't receive a financial prize because none was offered for proposals from large businesses, but the system could still end up helping consumers.

The winners who split the $50,000 prize were Aaron Foss, a freelance software developer from Long Island, NY, and a computer engineer named Serdar Danis. Foss attended the winners' announcement press conference and talked to Ars on the phone afterwards.

Nomorobo—say it out loud

Foss' system is called "Nomorobo," and it blocks robocalls on any type of phone—landline, VoIP, or cellular—without requiring the user to buy any extra hardware. The customer would set up conditional call forwarding through their phone provider, allowing calls to ring both to their own number and to a Nomorobo number.

Nomorobo answers the calls first, passing legitimate calls (such as those from actual humans) through and hanging up on illegal robocalls. Rest assured this is more complicated than it sounds, and there is still work to be done before it can be deployed at scale.

One problem is that not all robocalls are illegal. The well-known "Rachel at cardholder services" and other such scams clearly are illegal, but robocalls are legal for groups such as charities, government and political organizations, and pharmacies notifying customers that their prescriptions are ready. Thus, a comprehensive whitelist to pass through legal calls and blacklists to block illegal ones must be developed.

The blacklist would be populated with the worst offenders in an FTC database, and Nomorobo uses algorithms to identify other illegal robocallers. If the system isn't sure, it presents the caller with an audio CAPTCHA to verify whether it's legit, as you can see in a Nomorobo demo video:

Nomorobo

"You might be a robocaller," the system asks the illegal robocaller. "To prove you are a human please enter the number 71. … I'm sorry that is incorrect. Your number has been blacklisted."

Foss said he developed an algorithm to detect whether calls are illegitimate, inspecting the caller ID header and frequency of calls. He said it can detect illegal calls even when robocallers use spoofed caller IDs, but said he will not reveal exactly how it does that because it's proprietary technology he intends to sell. (Presumably, the FTC got a more detailed rundown of the technology during the awards process.)

Creating a comprehensive whitelist is also a major challenge, as it requires anyone making legitimate robocallers to identify themselves. Foss believes legitimate users of robocaller services will be eager to participate, however, because the proliferation of illegal robocalls makes it harder for consumers to trust the legal ones.

"The not-bad guys in the robocall market are just as much against illegal robocalls as the FTC is," he said. "The major companies want to make sure their phone calls get through."

Nomorobo itself runs in the cloud. Foss said he uses Twilio for phone connectivity and would likely run the server on the Amazon Elastic Compute Cloud. "It would be very lightweight. The system can could do analysis rapidly without a lot of computing power," he said.

If the Nomorobo system suffered an outage, the worst that would happen is that customers would receive all the calls directed at them (both legitimate and illegitimate).

Foss set up a website for Nomorobo and plans to use the $25,000 as seed money to help bring the system to market. While he wants to commercialize it himself, he is also open to partnerships and licensing the technology to other companies.

The company operating the service would be able to manage call numbers through an interface like this one:

Foss hopes to get Nomorobo on the market within the next six months. He envisions the service being sold to consumers for a "small monthly fee," billed either through the phone company or directly through Nomorobo.

"Does it work? Is it easy to use?"

The FTC received nearly 800 proposals, judging them on the criteria of "Does it work?," "Is it easy to use?," and "Can it be rolled out?" The judges were FTC Chief Technologist Steve Bellovin, Federal Communications Commission Chief Technologist Henning Schulzrinne, and AllThingsD editor Kara Swisher.

One interesting proposal that did not win the contest involved a Raspberry Pi, additional hardware, and software to implement a blacklist/whitelist system. We wrote about it in February, noting at the time that it could fail the easy-to-use test by requiring consumers to buy hardware. It also didn't work across all types of cell phones.

The winners' systems are supposed to work across any type of phone system and shouldn't be difficult for consumers to set up. Besides Foss, Robocall Challenge co-winner Danis developed a system called "Robocall Filtering System and Device with Autonomous Blacklisting, Whitelisting, GrayListing and Caller ID Spoof Detection." It works similarly to Nomorobo, but can be implemented through hardware or software. The FTC describes it thusly:

This solution involves a software application that can authenticate Caller ID information as either authentic or spoofed, and display this information to the customer. It can be implemented through a customer-installed software application on smartphones and certain telephone systems, through updates to smartphone operating systems or carriers’ software, or through a hardware device at the customer premises. In addition to authenticating Caller ID information, the system depends on white and black lists that can be populated manually or autonomously and then aggregated into global white and black lists. Calls with authentic caller IDs on private or global white lists can be put through to the customer and calls from spoofed caller IDs or authentic callers' IDs on the private or global black lists can be dropped. Any number not on a white or black list, or not authenticated, can be handled based on customer preferences, such as forwarded to voice mail or subjected to human verification without ringing the customer phone. Human verification would rely on continuously changing pre-recorded questions presented to the caller, which would be difficult for a computer to answer. The solution stops those who abuse the telephone system without inconveniencing regular callers.

The system developed by Google engineers Klein and Jackson would rely on consumers to report illegal robocalls, making it easier to block calls from known bad numbers. We've contacted a spokesperson for Klein and Jackson to find out whether and when the engineers or Google plan to release this system to the public, but haven't heard back yet.

The FTC description of the Google-proposed system reads:

Google’s robocall concept could give consumers the power to block robocalls—and to allow that information to be used to shield all consumers from robocallers even before their phones ring. The concept could work across all phone platforms as deployed via a smartphone app, changes to VoIP telephone software, or hardware devices. In each case, consumers could easily indicate whether an unknown number should be blocked in the future, which could then be communicated to a centralized database. After a number of people marked a caller as needing to be blocked, that caller could be blocked for everyone else that chose to use the system. The system would include a specialized mechanism to combat Caller ID spoofing. In addition, before adding a number to the centralized database, many factors could be considered such as call volume, frequency, and inbound/outbound ratio. These factors could be computed dynamically, adjusting the behavior of the system to match current calling patterns. Also, the system could use a whitelist to keep some numbers out of the database. By using aggregated data about the incoming phone numbers in this manner, this concept could quickly identify and block robocallers and the fraudsters that use these automated calls to swindle consumers.

The FTC contest certainly brought out some interesting technology ideas that may otherwise not have seen the light of day. The winning systems "represent a real breakthrough" and "offer ideas we haven't seen before," FTC Bureau of Consumer Protection Acting Director Chuck Harwood said at the press conference.

The FTC won't build the systems itself, instead leaving it up to the private sector to bring them to market. If some company really can stop robocalls in their tracks, they could very well make a boatload of cash.

Promoted Comments

One problem is that not all robocalls are illegal. The well-known "Rachel at cardholder services" and other such scams clearly are illegal, but robocalls are legal for groups such as charities, government and political organizations, and pharmacies notifying customers that their prescriptions are ready. Thus, a comprehensive whitelist to pass through legal calls and blacklists to block illegal ones must be developed.

Why must such a whitelist be developed? It's not illegal for them to make the calls, but neither is it illegal for me to decline to receive them so long as the call screening is something that I asked for.

So go ahead and implement something that blocks any robocall: I'd sign up.

I haven't gotten a robocall in years, legal or otherwise. I've got a little Panasonic telephone system that includes voice mail, and its auto-attendant feature answers all calls. Friends and family whose numbers are in a whitelist I maintain hear a pleasant voice say, "Please wait a moment" and my phone rings. Unknown callers get, "If you know the extension number... otherwise, please press..." Human beings press the correct key and get through. Machines time out and my phone system hangs up on them.

I get a few unwanted calls from humans, mostly bill collectors because I have a very common name. Their numbers go in a blacklist and they get, "Your call will not be connected." {heh}

For anyone who may care, I wrote a long rant about this a few years ago.

87 Reader Comments

Forget "legal" robocalls, if you are inconveniencing me by calling on the phone (instead of sending email like a civilized company), then I don't want any robots involved at all. If it's not worth putting a human on the line, it's not worth my time.

I don't understand why robocalls are such a terrifying technical issue. Yes, caller-ID spoofing is trivial. However, my understanding is that the version that telcos actually use for stuff they care about(ANI) is a much tougher nut to crack. If team telco weren't happy to sit *oh-so-helplessly* by and slurp up the additional minutes, it'd be game over...

If memory serves, 'phreaks' and similar sorts who used technical tricks against Ma Bell's financial interests were largely exterminated, years ago, by a mixture of technical improvements and significant penalties.

Forget "legal" robocalls, if you are inconveniencing me by calling on the phone (instead of sending email like a civilized company), then I don't want any robots involved at all. If it's not worth putting a human on the line, it's not worth my time.

Indeed. If there's no human on the line, I clearly don't have to listen to your message RIGHT NOW- therefore you should be using some sort of modern asynchronous system. Email, text message, whatever.

There is a small and increasingly shrinking population that doesn't have access to these things, and the smaller that group gets the easier it gets to have specific workarounds for them.

The politician-you'll-never-vote-for robocalling you every day for two months prior to an election may be "legal" but it's still an unwanted robocall. Any system which doesn't take this into consideration won't get mainstream acceptance from phone users.

Oh great, so I can put my friends and family through hell calling me while the spammers break the lame audio captcha. Seriously are they that stupid or just lazy? The most reliable method for breaking captchas right now is when they offer audio for hearing impaired, I use a plugin on my tablet just for it (on the PC just faster to solve visually).

Oh great, so I can put my friends and family through hell calling me while the spammers break the lame audio captcha. Seriously are they that stupid or just lazy? The most reliable method for breaking captchas right now is when they offer audio for hearing impaired, I use a plugin on my tablet just for it (on the PC just faster to solve visually).

Theoretically, your friends and family shouldn't have to type in any CAPTCHA because they won't be flagged by the system.

The Google system, which is already being used by Google Voice in some form, seems to work well. I'm happy with the much-reduced BS call volume. Not a single political candidate got through, and left a prerecorded message that I could listen to, or not, as I chose.

It's progress, even if for a limited time before the robocallers figure out a bypass. Our home phone gets something like 15-20 robo calls a week, sometimes more. Even though we're on the Do-Not-Call list it doesn't seem to make a difference.

Forget "legal" robocalls, if you are inconveniencing me by calling on the phone (instead of sending email like a civilized company), then I don't want any robots involved at all. If it's not worth putting a human on the line, it's not worth my time.

Indeed. If there's no human on the line, I clearly don't have to listen to your message RIGHT NOW- therefore you should be using some sort of modern asynchronous system. Email, text message, whatever.

There is a small and increasingly shrinking population that doesn't have access to these things, and the smaller that group gets the easier it gets to have specific workarounds for them.

Funny story, I have a rule that I refuse to vote for politicians who use Robocalls for campaign ads. I got so many last provincial election (in Ontario, Canada) that I ended up voting for the one major party that didn't Robocall me, not only that they still called me, but employed an actual person, they also came to my door to bother me.

If politicians keep bothering me I'm going to start a campaign to get everyone to vote using a similar system. Then maybe we will get some peace.

Not only that, the FTC should mandate caller ID as a requirement for phone service. I refuse to pay an extra buck or two a month for something that costs them nothing to provide. That's just as bad as when they use to charge extra for tone dialing. If it is going to be any sort of "fix" to the problem, it has to be universal.

The ability to spoof Caller ID should never have been allowed to begin with. The telephone companies should prevent any "blocked" or "unknown" calls from even traversing their networks.

The problem is that not all "spoofing" is bad. When I make a call from my university office, it goes out on a trunk circuit that doesn't even have a telephone number in the sense that we think of them. (It does have a "billing number.") The caller ID that travels with my call is that of the phone in my office, so, it's "spoofed."

One problem is that not all robocalls are illegal. The well-known "Rachel at cardholder services" and other such scams clearly are illegal, but robocalls are legal for groups such as charities, government and political organizations, and pharmacies notifying customers that their prescriptions are ready. Thus, a comprehensive whitelist to pass through legal calls and blacklists to block illegal ones must be developed.

Why must such a whitelist be developed? It's not illegal for them to make the calls, but neither is it illegal for me to decline to receive them so long as the call screening is something that I asked for.

So go ahead and implement something that blocks any robocall: I'd sign up.

Why must such a whitelists be developed? It's not illegal for them to make the calls, but neither is it illegal for me to decline to receive them so long as the call screening is something that I asked for.

In the immortal words of Mr. Justice Walter Matthau, "the telephone's got no Constitutional right to be answered."

The problem is that not all "spoofing" is bad. When I make a call from my university office, it goes out on a trunk circuit that doesn't even have a telephone number in the sense that we think of them. (It does have a "billing number.") The caller ID that travels with my call is that of the phone in my office, so, it's "spoofed."

So it's therefore impossible for me to tap *FU on my handset immediately after getting a call, and tell the phone company that your billing-id/IMEI/EIN is being a jerk? The phone company doesn't have to just go by my say-so, they could do some big-datay thingy to go after the worst 1% of Rachels everywhere.

The ability to spoof Caller ID should never have been allowed to begin with. The telephone companies should prevent any "blocked" or "unknown" calls from even traversing their networks.

The problem is that not all "spoofing" is bad. When I make a call from my university office, it goes out on a trunk circuit that doesn't even have a telephone number in the sense that we think of them. (It does have a "billing number.") The caller ID that travels with my call is that of the phone in my office, so, it's "spoofed."

Or an agent in a Call Center.

Spoofing is a good thing, but it's also incredibly easy. It is, of course, a federal offense. Thus, the problem with the entire system. Of course, back in the old days, Caller ID didn't even exist, so. Should be happy that it does exist now, because just imagine just picking up a phone not even knowing who is calling.

I haven't gotten a robocall in years, legal or otherwise. I've got a little Panasonic telephone system that includes voice mail, and its auto-attendant feature answers all calls. Friends and family whose numbers are in a whitelist I maintain hear a pleasant voice say, "Please wait a moment" and my phone rings. Unknown callers get, "If you know the extension number... otherwise, please press..." Human beings press the correct key and get through. Machines time out and my phone system hangs up on them.

I get a few unwanted calls from humans, mostly bill collectors because I have a very common name. Their numbers go in a blacklist and they get, "Your call will not be connected." {heh}

For anyone who may care, I wrote a long rant about this a few years ago.

So it's therefore impossible for me to tap *FU on my handset immediately after getting a call, and tell the phone company that your billing-id/IMEI/EIN is being a jerk? The phone company doesn't have to just go by my say-so, they could do some big-datay thingy to go after the worst 1% of Rachels everywhere.

The phone company could do that. They have the billing number of the circuit where the call originated, no matter what's sent as caller ID. Someone referred to ANI, Automatic Number Identification, in an earlier comment. It's carried out-of-band, is different from caller ID, and is quite bullet-resistant.

Rachel, however, is paying The Phone Company big bucks for the phone lines she uses to bother us. Grrrr....

Forget "legal" robocalls, if you are inconveniencing me by calling on the phone (instead of sending email like a civilized company), then I don't want any robots involved at all. If it's not worth putting a human on the line, it's not worth my time.

In Canada they have targeted robocalls that claim to be from Elections Canada and tell people to go to the wrong polling station so that they can't vote. It may have affected the outcome of the last federal election and formation of the current Government.

The source surely would have been whitelisted under this kind of system since it was a company whose entire business is selling robocalling services to legitimate businesses. The company is (apparently) not being held responsible, only the customer who contracted with the robocall company is being targeted in the investigation.

Forget "legal" robocalls, if you are inconveniencing me by calling on the phone (instead of sending email like a civilized company), then I don't want any robots involved at all. If it's not worth putting a human on the line, it's not worth my time.

Indeed. If there's no human on the line, I clearly don't have to listen to your message RIGHT NOW- therefore you should be using some sort of modern asynchronous system. Email, text message, whatever.

There is a small and increasingly shrinking population that doesn't have access to these things, and the smaller that group gets the easier it gets to have specific workarounds for them.

Ditto. There is zero reason to use robocallers.

One use that I still think is useful is school closing notifications for weather issues such as snow. I know that information can often be obtained elsewhere, but there are certainly people who think it's more convenient than looking at social media or the TV news station's ticker.

Congress just needs to do what we did with junk faxes: allow the recipient of the unwanted call to sue in court for damages or $500 whichever is greater. It's not like the companies making these call do it for entertainment. They all have financial assets which would be at risk from court judgements against them. It would take only a small percentage of the folks on the receiving end deciding to sue to make the whole business thoroughly unattractive.

One problem is that not all robocalls are illegal. The well-known "Rachel at cardholder services" and other such scams clearly are illegal, but robocalls are legal for groups such as charities, government and political organizations, and pharmacies notifying customers that their prescriptions are ready. Thus, a comprehensive whitelist to pass through legal calls and blacklists to block illegal ones must be developed.

Why must such a whitelist be developed? It's not illegal for them to make the calls, but neither is it illegal for me to decline to receive them so long as the call screening is something that I asked for.

So go ahead and implement something that blocks any robocall: I'd sign up.

I would also sign up and to further this idea I will also State that if you really need to talk to me then use the USPS !Not only will I hang up on your Robocall but I will also Delete any and all Emails from stuff I do not recognize without looking at the Message itself.I only need see the Subject Heading and maybe on occasion the address of who sent it.

Funny story, I have a rule that I refuse to vote for politicians who use Robocalls for campaign ads. I got so many last provincial election (in Ontario, Canada) that I ended up voting for the one major party that didn't Robocall me

There have been cases in US of underhanded false-flag robocalls where you get calls that say they are from one party but are actually paid for by the other party.

Conservatives in Canada were also embroiled in a robocall scandal in the last election when they (or some of their election staffers) sent out robocalls that gave incorrect directions to polling place locations.

They need to make laws so that the people who own PBXs used to spoof do hard time. They also need laws so that the televeal (people locked in a tiny cubical with a phone and a computer all day) that actually take the calls if someone hits 1 instead of hanging up, do hard time. When you are risking 10-15 years hard time + a million dollar fine, for taking an 8$/hr televeal job, then you either go to jail if too stupid or just decide the risk is too high and do not take the job. And the owners/management of the scam... real long hard time 40 years minimum.

These people are not in some small foreign country they speak native English. They know they are breaking the law because when you ask what company they work for or to be removed from their call list they just hang up on you. They are criminals, send them to jail and fine the daylights out of them.

These people are not impossible to find. They want your money and to do so a human has to fit in the equation. The law firm looking for people for a YAZ class action? Hard time. Siding sales, hard time.

Captchas are bad enough on websites. If I ever hear an automated answering device tell me I might be a robot and ask for a Captcha as proof that I am not, I will almost certainly hang up and not call that person back. This is so much worse than robocalls.